Lawmakers criticize FBI's request for encryption back doors

U.S. lawmakers are skeptical of an FBI request for Congress to mandate encryption workarounds in smartphones, with critics saying Wednesday that back doors would create new vulnerabilities that bad guys can exploit.

It's currently impossible for smartphone makers to build in back doors that allow law enforcement agencies access to encrypted communications but also keep out cybercriminals, witnesses and lawmakers said during a hearing before the IT subcommittee of the House of Representatives' Oversight and Government Reform Committee.

Law enforcement representatives called on lawmakers to find a way to allow access to encrypted data as a way to prevent serious crime. Late last year, FBI Director James Comey called for a public debate on encryption after Apple and Google announced they would offer new encryption tools on their smartphone OSes.

But most lawmakers questioned the need for encryption workarounds. Building in back doors for encryption on smartphones would be "technologically stupid," said Representative Ted Lieu, a California Democrat with a background in computer science. Apple and Google have responded to public demand for encryption because of an "out-of-control surveillance state," he added.

With all kinds of unencrypted digital information and tracking technologies available to law enforcement agencies, police are living in a "golden age of surveillance," added Representative Jason Chaffetz, a Utah Republican and committee chairman. "We're certainly not going to go dark, and in some ways, we've never been brighter."

Congress needs to find the right balance between privacy and national security, but building back doors in encryption would be similar to "drilling a hole in a windshield," Chaffetz said. If Apple can figure out how to circumvent smartphone users' encryption, "so can the nefarious folks in a van down by the river," he said.

The FBI doesn't need to hold the keys to encrypted information on smartphones, but policymakers and the technology industry need to figure out a way to allow law enforcement access to criminals' devices when a judge issues a warrant, said Amy Hess, executive assistant director at the FBI's Science and Technology Branch. Tech companies should implement encryption workarounds in the product "design phase," she said.

When criminals are storing information on encrypted devices, the process of obtaining search warrants may be "an exercise in futility," Hess said. The FBI believes that "no one in this country should be beyond the law," she added. "The notion that a suspected criminal's closet could never be opened, or his phone could never be unlocked, even with properly obtained legal authority, is troubling."

Police have used information on smartphones to investigate many crimes, including child pornography and human trafficking, added Daniel Conley, district attorney in Boston. He called on Congress to require smartphone makers to allow law enforcement access to encrypted data and on technology companies to come up with new ways to allow law enforcement access to data.

Police agencies need access to digital information to solve crimes, and they don't otherwise track people, he added. "We don't monitor websites where people visit or aggregate data about people's personal health, wealth or shopping habits," Conley said. "That, frankly, is the purview of companies like Apple and Google."

Conley had harsh words for data collection by technology companies. "Their nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers' interests, search terms and consumer habits, but as we all know, they're taking full advantage of their customers' private data for commercial purposes," he added.

Other witnesses at the hearing said encryption workarounds would cause serious problems for technology vendors. U.S. smartphone apps that allow back doors would likely be banned in many European countries, said Jon Potter, president of the Application Developers Alliance. In addition, if the U.S. demands encryption back doors, other countries will follow suit, he said.

"Nearly every digital business wants to be global," he said. "But mandatory government back doors may spark a trade war and imprison businesses in their home country."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Latest Videos

Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.

With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.

According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.